Hi,
using VLAN I had to modify UDP packets as the checksum is not calculated causing issues with dhcp process.
With iptables I used iptables -A POSTROUTING -t mangle -p udp --dport 68 -j CHECKSUM --checksum-fill
THX to: https://forum.openwrt.org/t/solved-dhcp-on-vlan-interfaces/61115/6
How to do this using nftables as I didn't found the nft-checksum package?
Shall I stay using old iptables rules and use the fw4_compatible option?
I've read that setting the checksum to 0 will force its recalculation. As a stab in the dark, maybe try: nft add rule inet fw4 mangle_postrouting ip protocol udp udp checksum set 0
EDIT - this may work a little more selectively: nft add rule inet fw4 mangle_postrouting udp dport 68 udp checksum set 0
Look like instead of a "bad checksum" status it is a "no checksum" that is reported using tcpdump.
Moreover this prevents the DHCP process to complete
Doesn't work
That's disappointing, but not altogether unexpected. The --checksum-fill option of iptables is actually often used as an example of a type of iptables command that iptables-translate can't translate to nftables format. I had read that setting it to zero caused it to be recomputed, but that may be in more recent kernels as a solution to the above.
nftables is good for the middle of the bell-curve situations, but still seems to lack a lot of the flexibility in various fringe cases that iptables had. It's been around a long time, but I question it being ready for prime time.
Yes, it was a reply to your post, and an addition, proper capture to find any bugs should be done on a client that has checksum offloading disabled on its interface, else the checksum reported will be bad anyway, if my previous reply wasn't clear enough, sorry.